This has been a few months in the making to get what I think is a decent build of my WSUS Administrator Module. My goal with this module was to make something that provided enough use for most aspects of WSUS administration. With that, I have put together 40 advanced functions that provide access to various parts of WSUS. Some of these are commands to query different parts of wsus, such as clients, updates, server configurations, etc… Other parts allow for making configuration changes or approving/disapproving updates, creating or removing Target groups and adding/removing clients from Target groups. Some of the commands, such as ones that approve/decline updates, adds/removes a group, etc… have the whatif and confirm capabilities so you can verify that everything will happen as intended.
I have spent the last week testing it and working out all of the bugs, but most likely there are still some quirks here and there. I would appreciate any comments, both positive and negative as anything said will help to make the next version of this module better. I already have a list of probably 4 or 5 things that I want to add to this module for the next version.
So without further ado, I will walk through a few of the basic things in my module…
Importing the module
IMPORTANT!! You must have the WSUS Administrator Console installed on whichever computer that you will be running this function from. Download available here.
Be sure to save the module off as a .psm1 file so you can run the Import-Module cmdlet. Once you import the module, it will display a message telling you a couple of things that you can do to get started. I modeled this after the PowerCLI module as it seemed like a pretty good idea to show a couple of key things such as finding all of the commands available and how to make the initial connection to the server.
Available Commands
As I said before, I currently have 40 available advanced functions to perform a variety of tasks in WSUS. Below is a list of the commands:
Add-WSUSClientToGroup
Approve-WSUSUpdate
Connect-WSUSServer
Convert-WSUSTargetGroup
Deny-WSUSUpdate
Disconnect-WSUSServer
Get-WSUSChildServers
Get-WSUSClient
Get-WSUSClientGroupMembership
Get-WSUSClients
Get-WSUSClientsInGroup
Get-WSUSCommands
Get-WSUSContentDownloadProgress
Get-WSUSDatabaseConfig
Get-WSUSDownstreamServers
Get-WSUSEmailConfig
Get-WSUSEvents
Get-WSUSGroup
Get-WSUSGroups
Get-WSUSServer
Get-WSUSStatus
Get-WSUSSubscription
Get-WSUSSyncHistory
Get-WSUSSyncProgress
Get-WSUSUpdate
Get-WSUSUpdateCategories
Get-WSUSUpdates
New-WSUSGroup
Remove-WSUSClient
Remove-WSUSClientFromGroup
Remove-WSUSGroup
Remove-WSUSUpdate
Resume-WSUSDownloads
Resume-WSUSUpdateDownload
Set-WSUSEmailConfig
Start-WSUSCleanup
Start-WSUSSync
Stop-WSUSDownloads
Stop-WSUSSync
Stop-WSUSUpdateDownload
Making Initial Connection to WSUS Server
To make the initial connection to the WSUS server, use the Connect-WSUSServer function. This will allow you to use the other advanced functions that are available within this module.
Now that the connection has been made, we can begin looking at a couple of commands that will probably be getting a fair amount of use.
Viewing Updates
The Get-WSUSUpdates advanced function will grab all of the updates, so be careful using it as it may take a while to grab every update. Using the following command, I can pull the first 5 updates.
Get-WSUSUpdates | Select -first 5 | Select Title, KnowledgeBaseArticles, UpdateClassificationTitle
If you want to look for a specific update, you can use Get-WSUSUpdate to accomplish this. This works much faster and is more helpful for filtering for specific updates.
Get-WSUSUpdate -Update "819639"
WSUS Target Groups
You can view the current WSUS Target groups using the Get-WSUSGroups function.
Creating a new WSUS Target group is as simple as using the New-WSUSGroup command.
New-WSUSGroup -Group "NewWSUSGroup"
And removing a group using Remove-WSUSGroup.
Remove-WSUSGroup -Name "NewWSUSGroup"
Approving and Declining WSUS Updates
There are a couple of ways to both approve and decline updates within this module. The first way is supplying a string value and have the command search for and approve/decline the updates.
For approving and update, you have a few other things that are required in order make the approval successful. The first is to supply a group that the update will be approved for. Second, you must provide an Action type for the update approval, typically “Install”. The third and not a required option is to provide a deadline for the update.
Approve-WSUSUpdate -Group "Domain Servers" -Update "819639" -Action Install
Declining is much easier and only requires the update string to be entered.
Deny-WSUSUpdate -Update "819639"
Besides using the string method, both the Approve-WSUSUpdate and Deny-WSUSUpdate accepts input via the pipeline and allows you to use objects as well. So combining the Get-WSUSUpdate or Get-WSUSUpdates with the approving or declining of updates will work just as well.
Get-WSUSUpdate -Update "819639" | Approve-WSUSUpdate -Group "Domain Servers" -Action Install
Get-WSUSUpdate -Update "819639" | Deny-WSUSUpdate
WSUS Synchronization
I have a few advanced functions that work with synchronization, such as pulling synchronization events with Get-WSUSSyncHistory, starting a manual synchronization with Start-WSUSSync and finding the current status of a synchronization using Get-WSUSSyncProgress.
Get-WSUSSyncHistory | select -first 1
Start-WSUSSync
Get-WSUSSyncProgress
There is a parameter switch with Get-WSUSSyncProgress and Start-WSUSSync called ‘monitor’ which starts a background job that will alert you with a popup message stating that the synchronization has been completed.
This module is available for download from both the Script Repository and at Poshcode along with the code being available below.
Currently, the code I submitted to PoshCode appears to be getting truncated. I left some feedback asking about this and am waiting on a reply. I will try again to re-post the code and see if it works, and if so, I will remove this message.
21NOV2010: Updated code for Connect-WSUSServer to allow for adding what port you want to connect to on the WSUS Server in case the server was configured for a port other than the default ports.
Write-Host "`n" Write-Host "`t`tWSUS Administrator Module 1.0" Write-Host "`n" Write-Host -nonewline "Make initial connection to WSUS Server:`t" Write-Host -fore Yellow "Connect-WSUSServer" Write-Host -nonewline "Disconnect from WSUS Server:`t`t" Write-Host -fore Yellow "Disconnect-WSUSServer" Write-Host -nonewline "List all available commands:`t`t" Write-Host -fore Yellow "Get-WSUSCommands" Write-Host "`n" function Get-WSUSCommands { <# .SYNOPSIS Lists all WSUS functions available from this module. .DESCRIPTION Lists all WSUS functions available from this module. .NOTES Name: Get-WSUSCommand Author: Boe Prox DateCreated: 18Oct2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSCommands Description ----------- This command lists all of the available WSUS commands in the module. #> [cmdletbinding()] Param () #List all WSUS functions available Get-Command *WSUS* -CommandType Function | Sort-Object Name } function Connect-WSUSServer { <# .SYNOPSIS Retrieves the last check-in times of clients on WSUS. .DESCRIPTION Retrieves the last check-in times of clients on WSUS. You will need to run this on a machine that has the WSUS Administrator console installed. .PARAMETER WsusServer Name of WSUS server to query against. .PARAMETER Secure Determines if a secure connection will be used to connect to the WSUS server. If not used, then a non-secure connection will be used. .PARAMETER Port Port number if default ports 80 and 443 not used .NOTES Name: Get-LastCheckIn Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Connect-WSUSServer -wsusserver "server1" Description ----------- This command will make the connection to the WSUS using an unsecure port (Default:80). .EXAMPLE Connect-WSUSServer -wsusserver "server1" -secure Description ----------- This command will make a secure connection (Default: 443) to a WSUS server. .EXAMPLE Connect-WSUSServer -wsusserver "server1" -port 8560 Description ----------- This command will make the connection to the WSUS using a defined port 8560. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = '', ValueFromPipeline = $True)] [string]$WsusServer, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = '', ValueFromPipeline = $False)] [switch]$Secure, [Parameter( Mandatory = $False, Position = 2, ParameterSetName = 'port', ValueFromPipeline = $False)] [int]$port ) #Load required assemblies [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") #Make connection to WSUS server Write-Host -ForegroundColor Yellow "Attempting connection to WSUS Server: $($wsusserver)" $ErrorActionPreference = 'stop' Try { If ($secure) { Switch ($pscmdlet.ParameterSetName) { "wsus" { $Global:wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$True) $Wsus | Select Name, Version,PortNumber } "port" { $Global:wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$True,$port) $Wsus | Select Name, Version,PortNumber } } } Else { Switch ($pscmdlet.ParameterSetName) { "wsus" { $Global:wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$False) $Wsus | Select Name, Version,PortNumber } "port" { $Global:wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$False,$port) $Wsus | Select Name, Version,PortNumber } } } } Catch { Write-Error "Unable to connect to $($wsusserver)!`n$($error[0])" } } function Disconnect-WSUSServer { <# .SYNOPSIS Disconnects session against WSUS server. .DESCRIPTION Disconnects session against WSUS server. .NOTES Name: Disconnect-WSUSServer Author: Boe Prox DateCreated: 27Oct2010 .LINK https://boeprox.wordpress.org .EXAMPLE Disconnect-WSUSServer Description ----------- This command will disconnect the session to the WSUS server. #> [cmdletbinding()] Param () #Disconnect WSUS session by removing the variable Remove-Variable -Name wsus -Force } function Get-WSUSClients { <# .SYNOPSIS Retrieves a list of all of the clients in WSUS. .DESCRIPTION Retrieves a list of all of the clients in WSUS. .NOTES Name: Get-WSUSClients Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSClients Description ----------- This command will list every client in WSUS. #> [cmdletbinding()] Param () #Gather all computers in WSUS $wsus.GetComputerTargets() } function Start-WSUSSync { <# .SYNOPSIS Start synchronization on WSUS server. .DESCRIPTION Start synchronization on WSUS server. .PARAMETER Monitor Starts a synchronization and runs a background job to monitor currently running content download and notifies user when completed. .NOTES Name: Start-WSUSSync Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Start-WSUSSync Description ----------- This command will begin a manual sychronization on WSUS with the defined update source. .EXAMPLE Start-WSUSSync -monitor Description ----------- This command will begin a manual synchronization on WSUS and will begin a background job that will notifiy via pop-up message when the synchronization has completed. #> [cmdletbinding( DefaultParameterSetName = 'monitor', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param ( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'monitor', ValueFromPipeline = $False)] [switch]$Monitor ) $sub = $wsus.GetSubscription() $sync = $sub.GetSynchronizationProgress() If ($monitor) { #Stop and remove any jobs for SyncMonitoring $jobs = Get-Job | ? {$_.Name -eq "WSUSSyncProgressMonitor"} If ($jobs) { $jobs | Stop-Job $jobs | Remove-Job } #Start WSUS synchronization If ($pscmdlet.ShouldProcess($($wsus.name))) { $sub.StartSynchronization() "Synchronization have been started." Start-Sleep -Seconds 3 Start-Job -Name "WSUSSyncProgressMonitor" -ArgumentList $sync -ScriptBlock { Param ( $sync ) #Load required assemblies for message window [void] [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”) While ($sync.Phase -ne "NotProcessing") { $null } [System.Windows.Forms.MessageBox]::Show("Synchronization has been completed on WSUS",”Information”) } | Out-Null } } Else { #Start WSUS synchronization If ($pscmdlet.ShouldProcess($($wsus.name))) { $sub.StartSynchronization() "Synchronization have been started." } } } function Stop-WSUSSync { <# .SYNOPSIS Stops a currently running WSUS sync. .DESCRIPTION Stops a currently running WSUS sync. .NOTES Name: Stop-WSUSSync Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Stop-WSUSSync Description ----------- This command will stop a currently running WSUS synchronization. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param() $sub = $wsus.GetSubscription() #Cancel synchronization running on WSUS If ($pscmdlet.ShouldProcess($($wsus.name))) { $sub.StopSynchronization() "Synchronization have been cancelled." } } function Get-WSUSSyncHistory { <# .SYNOPSIS Retrieves the synchronization history of the WSUS server. .DESCRIPTION Retrieves the synchronization history of the WSUS server. .NOTES Name: Get-WSUSSyncHistory Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSSyncHistory Description ----------- This command will list out the entire synchronization history of the WSUS server. #> [cmdletbinding()] Param () $sub = $wsus.GetSubscription() $sub.GetSynchronizationHistory() } function Get-WSUSSyncProgress { <# .SYNOPSIS Displays the current progress of a WSUS synchronization. .DESCRIPTION Displays the current progress of a WSUS synchronization. .PARAMETER Monitor Runs a background job to monitor currently running synchonization and notifies user when completed. .NOTES Name: Get-WSUSSyncProgress Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSSyncProgress Description ----------- This command will show you the current status of the WSUS sync. .EXAMPLE Get-WSUSSyncProgress -monitor Description ----------- This command will begin a background job that will notify you when the WSUS synchronization has been completed. #> [cmdletbinding()] Param ( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'monitor', ValueFromPipeline = $False)] [switch]$Monitor ) $sub = $wsus.GetSubscription() If ($monitor) { $job = Get-Job If ($job) { $job = Get-Job -Name "WSUSSyncProgressMonitor" } If ($job) { Get-Job -Name "WSUSSyncProgressMonitor" | Stop-Job Get-Job -Name "WSUSSyncProgressMonitor" | Remove-Job } Start-Job -Name "WSUSSyncProgressMonitor" -ArgumentList $sub -ScriptBlock { Param ( $sub ) #Load required assemblies for message window [void] [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”) While (($sub.GetSynchronizationProgress()).Phase -ne "NotProcessing") { $null } [System.Windows.Forms.MessageBox]::Show("Synchronization has been completed on WSUS",”Information”) } | Out-Null } Else { #Gather all child servers in WSUS $sub.GetSynchronizationProgress() } } function Get-WSUSEvents { <# .SYNOPSIS Retrieves all WSUS events. .DESCRIPTION Retrieves all WSUS events from the WSUS server. .NOTES Name: Get-WSUSEvents Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSEvents Description ----------- This command will show you all of the WSUS events. #> [cmdletbinding()] Param () $sub = $wsus.GetSubscription() $sub.GetEventHistory() } function Get-WSUSGroups { <# .SYNOPSIS Retrieves all of the WSUS Target Groups. .DESCRIPTION Retrieves all of the WSUS Target Groups. .NOTES Name: Get-WSUSGroups Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSGroups Description ----------- This command will list out all of the WSUS Target groups and their respective IDs. #> [cmdletbinding()] Param () $wsus.GetComputerTargetGroups() } function Get-WSUSServer { <# .SYNOPSIS Retrieves connection and configuration information from the WSUS server. .DESCRIPTION Retrieves connection and configuration information from the WSUS server. .PARAMETER Configuration Lists more configuration information from WSUS Server .NOTES Name: Get-WSUSServer Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSServer Description ----------- This command will display basic information regarding the WSUS server. .EXAMPLE Get-WSUSServer -configuration Description ----------- This command will list out more detailed information regarding the configuration of the WSUS server. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'wsus', ValueFromPipeline = $False)] [switch]$Configuration ) If ($configuration) { $wsus.GetConfiguration() } Else { $wsus } } function Get-WSUSUpdates { <# .SYNOPSIS Retrieves all of the updates from a WSUS server. .DESCRIPTION Retrieves all of the updates from a WSUS server. .NOTES Name: Get-WSUSUpdates Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSUpdates Description ----------- This command will list out every update that is in WSUS's database whether it has been approved or not. #> [cmdletbinding()] Param () $wsus.GetUpdates() } function Get-WSUSEmailConfig { <# .SYNOPSIS Retrieves the email notification configuration from WSUS. .DESCRIPTION Retrieves the email notification configuration from WSUS. .PARAMETER SendTestEmail Optional switch that will send a test email to the configured email addresses .NOTES Name: Get-WSUSEmailConfig Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSEmailConfig Description ----------- This command will display the configuration of the email notifications. .EXAMPLE Get-WSUSEmailConfig -SendTestEmail Description ----------- This command will send a test email to the address or addresses in the To field. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'wsus', ValueFromPipeline = $False)] [switch]$SendTestEmail ) $email = $wsus.GetEmailNotificationConfiguration() If ($SendTestEmail) { $email.SendTestEmail() Write-Host -fore Green "Test email sent." } Else { $email } } function Get-WSUSUpdateCategories { <# .SYNOPSIS Retrieves the list of Update categories available from WSUS. .DESCRIPTION Retrieves the list of Update categories available from WSUS. .NOTES Name: Get-WSUSUpdateCategories Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSUpdateCategories Description ----------- This command will list all of the categories for updates in WSUS. #> [cmdletbinding()] Param () $wsus.GetUpdateCategories() } function Get-WSUSStatus { <# .SYNOPSIS Retrieves a list of all updates and their statuses along with computer statuses. .DESCRIPTION Retrieves a list of all updates and their statuses along with computer statuses. .NOTES Name: Get-WSUSStatus Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSStatus Description ----------- This command will display the status of the WSUS server along with update statuses. #> [cmdletbinding()] Param () $wsus.getstatus() } function Set-WSUSEmailConfig { <# .SYNOPSIS Configures the email notifications on a WSUS server. .DESCRIPTION Configures the email notifications on a WSUS server. It is important to note that the email address to send the emails to is Read-Only and can only be configured from the WSUS Admin Console. After the settings have been changed, the new configuration will be displayed. .PARAMETER EmailLanguage What type of language to send the email in. .PARAMETER SenderDisplayName The friendly name of where the email is coming from. .PARAMETER SenderEmailAddress The senders email address .PARAMETER SendStatusNotification Determines if an email will be sent for a status notification .PARAMETER SendSyncnotification Determines if an email will be sent after a sync by WSUS .PARAMETER SMTPHostname Server name of the smtp server to send email from .PARAMETER SMTPPort Port number to be used to connect to smtp server to send email .PARAMETER SmtpServerRequiresAuthentication Used if smtp server requires authentication .PARAMETER SmtpUserName Username to submit if required by smtp server .PARAMETER StatusNotificationFrequency Frequency (Daily or Weekly) to send notifications .PARAMETER StatusNotificationTimeOfDay Date/Time to send notifications .PARAMETER UpdateServer Name of the WSUS update server .PARAMETER SmtpPassword Password to user for smtp server connection. .NOTES Name: Set-WSUSEmailConfig Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Set-WSUSEmailConfig -SenderDisplayName "WSUSAdmin" -SenderEmailAddress "wsusadmin@domain.com" Description ----------- This command will change the sender name and email address for email notifications and then display the new settings. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = '', ValueFromPipeline = $False)] [string]$EmailLanguage, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = '', ValueFromPipeline = $False)] [string]$SenderDisplayName, [Parameter( Mandatory = $False, Position = 2, ParameterSetName = '', ValueFromPipeline = $False)] [string]$SenderEmailAddress, [Parameter( Mandatory = $False, Position = 3, ParameterSetName = '', ValueFromPipeline = $False)] [string][ValidateSet("True","False")]$SendStatusNotification, [Parameter( Mandatory = $False, Position = 4, ParameterSetName = '',ValueFromPipeline = $False)] [string][ValidateSet("True","False")]$SendSyncnotification, [Parameter( Mandatory = $False, Position = 5, ParameterSetName = '', ValueFromPipeline = $False)] [string]$SMTPHostname, [Parameter( Mandatory = $False, Position = 6, ParameterSetName = '', ValueFromPipeline = $False)] [int]$SMTPPort, [Parameter( Mandatory = $False, Position = 7, ParameterSetName = '', ValueFromPipeline = $False)] [string][ValidateSet("True","False")]$SmtpServerRequiresAuthentication, [Parameter( Mandatory = $False, Position = 8, ParameterSetName = 'account', ValueFromPipeline = $False)] [string]$SmtpUserName, [Parameter( Mandatory = $False, Position = 9, ParameterSetName = '', ValueFromPipeline = $False)] [string][ValidateSet("Daily","Weekly")]$StatusNotificationFrequency, [Parameter( Mandatory = $False, Position = 10, ParameterSetName = '', ValueFromPipeline = $False)] [string]$StatusNotificationTimeOfDay, [Parameter( Mandatory = $False,Position = 11, ParameterSetName = '',ValueFromPipeline = $False)] [string]$UpdateServer, [Parameter( Mandatory = $False,Position = 12, ParameterSetName = 'account',ValueFromPipeline = $False)] [string]$SmtpPassword ) #Configure Email Notifications $email = $wsus.GetEmailNotificationConfiguration() $ErrorActionPreference = 'stop' Try { If ($StatusNotificationTimeOfDay) { #Validate Notification Time of Day Parameter If (!([regex]::ismatch($StatusNotificationTimeOfDay,"^\d{2}:\d{2}$"))) { Write-Error "$($StatusNotificationTimeOfDay) is not a valid time to use!`nMust be 'NN:NN'" } Else { $email.StatusNotificationTimeOfDay = $StatusNotificationTimeOfDay } } If ($UpdateServer) {$email.UpdateServer = $UpdateServer} If ($EmailLanguage) {$email.EmailLanguage = $EmailLanguage} If ($SenderDisplayName) {$email.SenderDisplayName = $SenderDisplayName} If ($SenderEmailAddress) { #Validate Email Address Parameter If (!([regex]::ismatch($SenderEmailAddress,"^\w+@\w+\.com|mil|org|net$"))) { Write-Error "$($SenderEmailAddress) is not a valid email address!`nMust be 'xxxx@xxxxx.xxx'" } Else { $email.SenderEmailAddress = $SenderEmailAddress } } If ($SMTPHostname) {$email.SMTPHostname = $SMTPHostname} If ($SMTPPort) {$email.SMTPPort = $SMTPPort} If ($SmtpServerRequiresAuthentication) {$email.SmtpServerRequiresAuthentication = $SmtpServerRequiresAuthentication} If ($SmtpUserName) {$email.SmtpUserName = $SmtpUserName} If ($SmtpPassword) {$mail.SetSmtpUserPassword($SmtpPassword)} Switch ($StatusNotificationFrequency) { "Daily" {$email.StatusNotificationFrequency = [Microsoft.UpdateServices.Administration.EmailStatusNotificationFrequency]::Daily} "Weekly" {$email.StatusNotificationFrequency = [Microsoft.UpdateServices.Administration.EmailStatusNotificationFrequency]::Weekly} Default {$Null} } Switch ($SendStatusNotification) { "True" {$email.SendStatusNotification = 1} "False" {$email.SendStatusNotification = 0} Default {$Null} } Switch ($SendSyncNotification) { "True" {$email.SendSyncNotification = 1} "False" {$email.SendSyncNotification = 0} Default {$Null} } } Catch { Write-Error "$($error[0])" } #Save Configuration Changes Try { $email.Save() Write-Host -fore Green "Email settings changed" $email } Catch { Write-Error "$($error[0])" } } function Convert-WSUSTargetGroup { <# .SYNOPSIS Converts the WSUS group from ID to Name or Name to ID. .DESCRIPTION Converts the WSUS group from ID to Name or Name to ID. .PARAMETER Id GUID of the group to be converted to friendly name .PARAMETER Name Name of the group to be converted to a guid .NOTES Name: Convert-WSUSTargetGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Convert-WSUSTargetGroup -name "Domain Servers" Description ----------- This command will convert the group name "Domain Servers" into the GUID format. .EXAMPLE Convert-WSUSTargetGroup -ID "b73ca6ed-5727-47f3-84de-015e03f6a88a" Description ----------- This command will convert the given GUID into a friendly name. #> [cmdletbinding( DefaultParameterSetName = 'name', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $False, Position = 2, ParameterSetName = 'id', ValueFromPipeline = $False)] [string]$Id, [Parameter( Mandatory = $False, Position = 3, ParameterSetName = 'name', ValueFromPipeline = $False)] [string]$Name ) If ($name) { Try { $group = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq $name} $group | Select -ExpandProperty ID } Catch { Write-Error "Unable to locate $($name)." } } If ($id) { Try { $group = $wsus.GetComputerTargetGroups() | ? {$_.ID -eq $id} $group | Select -ExpandProperty Name } Catch { Write-Error "Unable to locate $($id)." } } } function Get-WSUSClientsInGroup { <# .SYNOPSIS Retrieves a list of clients that are members of a group. .DESCRIPTION Retrieves a list of clients that are members of a group. .PARAMETER Id Retrieves list of clients in group by group guid. .PARAMETER Name Retrieves list of clients in group by group name. .NOTES Name: Get-WSUSClientsInGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSClientsInGroup -name "Domain Servers" Description ----------- This command will list all clients that are members of the specified group via group name. .EXAMPLE Get-WSUSClientsInGroup -ID "b73ca6ed-5727-47f3-84de-015e03f6a88a" Description ----------- This command will list all clients that are members of the specified group via the group guid. #> [cmdletbinding( DefaultParameterSetName = 'name', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $False, Position = 2, ParameterSetName = 'name', ValueFromPipeline = $False)] [string]$Name, [Parameter( Mandatory = $False, Position = 3, ParameterSetName = 'id', ValueFromPipeline = $False)] [string]$Id ) If ($id) { ($wsus.GetComputerTargetGroups() | ? {$_.Id -eq $id}).GetComputerTargets() } If ($name) { ($wsus.GetComputerTargetGroups() | ? {$_.name -eq $name}).GetComputerTargets() } } function Get-WSUSClient { <# .SYNOPSIS Retrieves information about a WSUS client. .DESCRIPTION Retrieves information about a WSUS client. .PARAMETER Computer Name of the client to search for. Accepts a partial name. .NOTES Name: Get-WSUSClient Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSClient -computer "server1" Description ----------- This command will search for and display all computers matching the given input. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'wsus', ValueFromPipeline = $True)] [string]$Computer ) $ErrorActionPreference = 'stop' #Retrieve computer in WSUS Try { $wsus.SearchComputerTargets($computer) } Catch { Write-Error "Unable to retrieve $($computer) from database." } } function New-WSUSGroup { <# .SYNOPSIS Creates a new WSUS Target group. .DESCRIPTION Creates a new WSUS Target group. .PARAMETER Group Name of group being created. .PARAMETER ParentGroupName Name of group being created. .PARAMETER ParentGroupId Name of group being created. .NOTES Name: New-WSUSGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE New-WSUSGroup -name "TestGroup" Description ----------- This command will create a new Target group called 'TestGroup' .EXAMPLE New-WSUSGroup -name "TestGroup" -parentgroupname "Domain Servers" Description ----------- This command will create a new Target group called 'TestGroup' under the parent group 'Domain Servers' #> [cmdletbinding( DefaultParameterSetName = 'group', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = '', ValueFromPipeline = $True)] [string]$Group, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'parentgroup', ValueFromPipeline = $True)] [string]$ParentGroupName, [Parameter( Mandatory = $False, Position = 2, ParameterSetName = 'parentgroup', ValueFromPipeline = $True)] [string]$ParentGroupId ) Process { #Determine action based on Parameter Set Name Switch ($pscmdlet.ParameterSetName) { "group" { Write-Verbose "Creating computer group" If ($pscmdlet.ShouldProcess($group)) { #Create the computer target group $wsus.CreateComputerTargetGroup($group) "$($group) has been created." } } "parentgroup" { If ($parentgroupname) { #Retrieve group based off of name Write-Verbose "Querying for parent group" $parentgroup = Get-WSUSGroups | ? {$_.name -eq $parentgroupname} If (!$parentgroup) { Write-Error "Parent Group name `'$parentgroupname`' does not exist in WSUS!" Break } } If ($parentgroupid) { #Retrieve group based off of guid Write-Verbose "Querying for parent group" $parentgroup = Get-WSUSGroups | ? {$_.id -eq $parentgroupid} If (!$parentgroup) { Write-Error "Parent Group id `'$parentgroupid`' does not exist in WSUS!" Break } } Write-Verbose "Creating computer group" If ($pscmdlet.ShouldProcess($group)) { #Create the computer target group $wsus.CreateComputerTargetGroup($group,$parentgroup) "$($group) has been created under $($parentgroup.Name)." } } } } } function Get-WSUSUpdate { <# .SYNOPSIS Retrieves information from a wsus update. .DESCRIPTION Retrieves information from a wsus update. Depending on how the information is presented in the search, more than one update may be returned. .PARAMETER Update String to search for. This can be any string for the update to include KB article numbers, name of update, category, etc... Use of wildcards (*,%) not allowed in search! .NOTES Name: Get-WSUSUpdate Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSUpdate -update "Exchange" Description ----------- This command will list every update that has 'Exchange' in it. .EXAMPLE Get-WSUSUpdate -update "925474" Description ----------- This command will list every update that has '925474' in it. #> [cmdletbinding( DefaultParameterSetName = 'wsus', ConfirmImpact = 'low' )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'wsus', ValueFromPipeline = $True)] [string]$Update ) $ErrorActionPreference = 'stop' #Retrieve computer in WSUS Try { $wsus.SearchUpdates($update) } Catch { Write-Error "Unable to retrieve $($update) from database." } } function Remove-WSUSGroup { <# .SYNOPSIS Creates a new WSUS Target group. .DESCRIPTION Creates a new WSUS Target group. .PARAMETER Name Name of group being deleted. .PARAMETER Id Id of group being deleted. .NOTES Name: Remove-WSUSGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Remove-WSUSGroup -name "Domain Servers" Description ----------- This command will remove the Domain Servers WSUS Target group. .EXAMPLE Remove-WSUSGroup -id "fc93e74e-ba59-4593-9ff7-690af1be695f" Description ----------- This command will remove the Target group with ID 'fc93e74e-ba59-4593-9ff7-690af1be695f' from WSUS. #> [cmdletbinding( DefaultParameterSetName = 'name', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'name', ValueFromPipeline = $True)] [string]$Name, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'id', ValueFromPipeline = $True)] [string]$Id ) Process { #Determine action based on Parameter Set Name Switch ($pscmdlet.ParameterSetName) { "name" { Write-Verbose "Querying for computer group" $group = Get-WSUSGroup -name $name If (!$group) { Write-Error "Group $name does not exist in WSUS!" Break } Else { If ($pscmdlet.ShouldProcess($name)) { #Create the computer target group $group.Delete() "$($name) has been deleted from WSUS." } } } "id" { Write-Verbose "Querying for computer group" $group = Get-WSUSGroup -id $id If (!$group) { Write-Error "Group $id does not exist in WSUS!" Break } If ($pscmdlet.ShouldProcess($id)) { #Create the computer target group $group.Delete() "$($id) has been deleted from WSUS." } } } } } function Add-WSUSClientToGroup { <# .SYNOPSIS Adds a computer client to an existing WSUS group. .DESCRIPTION Adds a computer client to an existing WSUS group. .PARAMETER Group Name of group to add client to. .PARAMETER Computer Name of computer being added to group. .NOTES Name: Add-WSUSClientToGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Add-WSUSClientToGroup -group "Domain Servers" -computer "server1" Description ----------- This command will add the client "server1" to the WSUS target group "Domain Servers". #> [cmdletbinding( DefaultParameterSetName = 'group', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'group', ValueFromPipeline = $True)] [string]$Group, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'group', ValueFromPipeline = $True)] [string]$Computer ) #Verify Computer is in WSUS Write-Verbose "Validating client in WSUS" $client = Get-WSUSClient -computer $computer If ($client) { #Get group object Write-Verbose "Retrieving group" $targetgroup = Get-WSUSGroup -name $group If (!$targetgroup) { Write-Error "Group $group does not exist in WSUS!" Break } #Add client to group Write-Verbose "Adding client to group" If ($pscmdlet.ShouldProcess($($client.fulldomainname))) { $targetgroup.AddComputerTarget($client) "$($client.FullDomainName) has been added to $($group)" } } Else { Write-Error "Computer: $computer is not in WSUS!" } } function Remove-WSUSClientFromGroup { <# .SYNOPSIS Removes a computer client to an existing WSUS group. .DESCRIPTION Removes a computer client to an existing WSUS group. .PARAMETER Group Name of group to remove client from. .PARAMETER Computer Name of computer being removed from group. .NOTES Name: Remove-WSUSClientToGroup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Remove-WSUSClientFromGroup -group "Domain Servers" -computer "server1" Description ----------- This command will remove the client "server1" from the WSUS target group "Domain Servers". #> [cmdletbinding( DefaultParameterSetName = 'group', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'group', ValueFromPipeline = $True)] [string]$Group, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'group', ValueFromPipeline = $True)] [string]$Computer ) #Verify Computer is in WSUS $client = Get-WSUSClient -computer $computer If ($client) { #Get group object Write-Verbose "Retrieving group" $targetgroup = Get-WSUSGroup -name $group If (!$targetgroup) { Write-Error "Group $group does not exist in WSUS!" Break } #Remove client from group Write-Verbose "Removing client to group" If ($pscmdlet.ShouldProcess($($client.fulldomainname))) { $targetgroup.RemoveComputerTarget($client) "$($client.fulldomainname) has been removed from $($group)" } } Else { Write-Error "Computer: $computer is not in WSUS!" } } function Get-WSUSDatabaseConfig { <# .SYNOPSIS Displays the current WSUS database configuration. .DESCRIPTION Displays the current WSUS database configuration. .NOTES Name: Get-WSUSDatabaseConfig Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSDatabaseConfig Description ----------- This command will display the configuration information for the WSUS connection to a database. #> [cmdletbinding()] Param () $wsus.GetDatabaseConfiguration() } function Get-WSUSSubscription { <# .SYNOPSIS Displays WSUS subscription information. .DESCRIPTION Displays WSUS subscription information. You can view the next synchronization time, who last modified the schedule, etc... .NOTES Name: Get-WSUSSubscription Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSSubscription Description ----------- This command will list out the various subscription information on the WSUS server. #> [cmdletbinding()] Param () $wsus.GetSubscription() } function Deny-WSUSUpdate { <# .SYNOPSIS Declines an update on WSUS. .DESCRIPTION Declines an update on WSUS. Use of the -whatif is advised to be sure you are declining the right patch or patches. .PARAMETER InputObject Collection of update/s being declined. This must be an object, otherwise it will fail. .PARAMETER Update Name of update/s being declined. .NOTES Name: Deny-WSUSUpdate Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSUpdate -update "Exchange 2010" | Deny-WSUSUpdate Description ----------- This command will decline all updates with 'Exchange 2010' in its metadata. .EXAMPLE Deny-WSUSUpdate -Update "Exchange 2010" Description ----------- This command will decline all updates with 'Exchange 2010' in its metadata. .EXAMPLE $updates = Get-WSUSUpdate -update "Exchange 2010" Deny-WSUSUpdate -InputObject $updates Description ----------- This command will decline all updates with 'Exchange 2010' in its metadata. .EXAMPLE Get-WSUSUpdate -update "Exchange 2010" | Deny-WSUSUpdate Description ----------- This command will decline all updates with 'Exchange 2010' in its metadata via the pipeline. #> [cmdletbinding( DefaultParameterSetName = 'collection', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'collection', ValueFromPipeline = $True)] [system.object]$InputObject, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'string', ValueFromPipeline = $False)] [string]$Update ) Process { Switch ($pscmdlet.ParameterSetName) { "Collection" { Write-Verbose "Using 'Collection' set name" #Change the collection to patches for use in loop $patches = $inputobject } "String" { Write-Verbose "Using 'String' set name" #Gather all updates from given information Write-Verbose "Searching for updates" $patches = Get-WSUSUpdate -update $update } } ForEach ($patch in $patches) { #Decline the update Write-Verbose "Declining update" If ($pscmdlet.ShouldProcess($($patch.title))) { $patch.Decline($True) | out-null #Print out report of what was declined New-Object PSObject -Property @{ Patch = $patch.title ApprovalAction = "Declined" } } } } } function Approve-WSUSUpdate { <# .SYNOPSIS Approves a WSUS update for a specific group with an optional deadline. .DESCRIPTION Approves a WSUS update for a specific group with an optional deadline. .PARAMETER InputObject Update object that is being approved. .PARAMETER Update Name of update being approved. .PARAMETER Group Name of group which will receive the update. .PARAMETER Deadline Optional deadline for client to install patch. .PARAMETER Action Type of approval action to take on update. Accepted values are Install, Approve, Uninstall and NotApproved .NOTES Name: Approve-WSUSUpdate Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Approve-WSUSUpdate -update "KB979906" -Group "Domain Servers" -Action Install Description ----------- This command will approve all updates with the KnowledgeBase number of KB979906 for the 'Domain Servers' group and the action command of 'Install'. .EXAMPLE Approve-WSUSUpdate -update "KB979906" -Group "Domain Servers" -Action Install -Deadline (get-Date).AddDays(3) Description ----------- This command will approve all updates with the KnowledgeBase number of KB979906 for the 'Domain Servers' group and the action command of 'Install' and sets a deadline for 3 days from when this command is run. .EXAMPLE Get-WSUSUpdate -Update "KB979906" | Approve-WSUSUpdate -Group "Domain Servers" -Action Install Description ----------- This command will take the collection of objects from the Get-WSUSUpdate command and then approve all updates for the 'Domain Servers' group and the action command of 'Install'. #> [cmdletbinding( DefaultParameterSetName = 'string', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'collection', ValueFromPipeline = $True)] [system.object] [ValidateNotNullOrEmpty()] $InputObject, [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'string', ValueFromPipeline = $False)] [string]$Update, [Parameter( Mandatory = $True, Position = 1, ParameterSetName = '', ValueFromPipeline = $False)] [string] [ValidateSet("Install", "All", "NotApproved","Uninstall")] $Action, [Parameter( Mandatory = $True, Position = 2, ParameterSetName = '', ValueFromPipeline = $False)] [string]$Group, [Parameter( Mandatory = $False, Position = 3, ParameterSetName = '', ValueFromPipeline = $False)] [datetime]$Deadline ) Begin { #Define the actions available Write-Verbose "Defining available approval actions" $Install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install $All = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::All $NotApproved = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::NotApproved $Uninstall = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Uninstall #Search for group specified Write-Verbose "Searching for group" $targetgroup = Get-WSUSGroup -name $group If (!$targetgroup) { Write-Error "Group $group does not exist in WSUS!" Break } } Process { #Perform appropriate action based on Parameter set name Switch ($pscmdlet.ParameterSetName) { "collection" { Write-Verbose "Using 'Collection' set name" #Change the variable that will hold the objects $patches = $inputobject } "string" { Write-Verbose "Using 'String' set name" #Search for updates Write-Verbose "Searching for update/s" $patches = Get-WSUSUpdate -update $update If (!$patches) { Write-Error "Update $update could not be found in WSUS!" Break } } } ForEach ($patch in $patches) { #Determine if Deadline is required If ($deadline) { Write-Verbose "Approving update with a deadline." If ($pscmdlet.ShouldProcess($($patch.title))) { #Create the computer target group $patch.Approve($action,$targetgroup,$deadline) | out-null #Print out report of what was approved New-Object PSObject -Property @{ Patch = $patch.title TargetGroup = $group ApprovalAction = $action Deadline = "$($deadline)" } } } Else { #Approve the patch Write-Verbose "Approving update without a deadline." If ($pscmdlet.ShouldProcess($($patch.title))) { #Create the computer target group $patch.Approve($action,$targetgroup) | out-null #Print out report of what was approved New-Object PSObject -Property @{ Patch = $patch.title TargetGroup = $group ApprovalAction = $action } } } } } } function Get-WSUSGroup { <# .SYNOPSIS Retrieves specific WSUS target group. .DESCRIPTION Retrieves specific WSUS target group. .PARAMETER Name Name of group to search for. No wildcards allowed. .PARAMETER Id GUID of group to search for. No wildcards allowed. .NOTES Name: Get-WSUSGroups Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSGroup -name "Domain Servers" Description ----------- This command will search for the group and display the information for Domain Servers" .EXAMPLE Get-WSUSGroup -ID "0b5ba818-021e-4238-8098-7245b0f90557" Description ----------- This command will search for the group and display the information for the WSUS group guid 0b5ba818-021e-4238-8098-7245b0f90557" #> [cmdletbinding( DefaultParameterSetName = 'name', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'name', ValueFromPipeline = $False)] [string]$Name, [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'id', ValueFromPipeline = $False)] [string]$Id ) Switch ($pscmdlet.ParameterSetName) { "name" {$wsus.GetComputerTargetGroups() | ? {$_.name -eq $name}} "id" {$wsus.GetComputerTargetGroups() | ? {$_.id -eq $id}} } } function Remove-WSUSUpdate { <# .SYNOPSIS Removes an update on WSUS. .DESCRIPTION Removes an update on WSUS. Use of the -whatif is advised to be sure you are declining the right patch or patches. .PARAMETER Update Name of update being removed. .NOTES Name: Remove-WSUSUpdate Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Remove-WSUSUpdate -update "KB986569" Description ----------- This command will remove all instances of KB986569 from WSUS. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'update', ValueFromPipeline = $True)] [string]$Update ) Begin { #Gather all updates from given information Write-Verbose "Searching for updates" $patches = Get-WSUSUpdate -update $update } Process { ForEach ($patch in $patches) { #Storing update guid $guid = ($patch.id).updateid If ($pscmdlet.ShouldProcess($($patch.title))) { $wsus.DeleteUpdate($id,$True) "$($patch.title) has been deleted from WSUS" } } } } function Stop-WSUSDownloads { <# .SYNOPSIS Cancels all current WSUS downloads. .DESCRIPTION Cancels all current WSUS downloads. .NOTES Name: Stop-WSUSDownloads Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Stop-WSUSDownloads Description ----------- This command will stop all updates being downloaded to the WSUS server. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param() #Cancel all downloads running on WSUS If ($pscmdlet.ShouldProcess($($wsus.name))) { $wsus.CancelAllDownloads() "Downloads have been cancelled." } } function Resume-WSUSDownloads { <# .SYNOPSIS Resumes all current WSUS downloads. .DESCRIPTION Resumes all current WSUS downloads that had been cancelled. .NOTES Name: Resume-WSUSDownloads Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Resume-WSUSDownloads Description ----------- This command will resume the downloading of updates to the WSUS server. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param() #Cancel all downloads running on WSUS If ($pscmdlet.ShouldProcess($($wsus.name))) { $wsus.ResumeAllDownloads() "Downloads have been resumed." } } function Stop-WSUSUpdateDownload { <# .SYNOPSIS Stops update download after approval. .DESCRIPTION Stops update download after approval. .PARAMETER update Name of update to cancel download. .NOTES Name: Stop-WSUSUpdateDownload Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Stop-WSUSUpdateDownload -update "KB965896" Description ----------- This command will cancel the download of update KB956896. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'update', ValueFromPipeline = $True)] [string]$update ) Begin { #Gather all updates from given information Write-Verbose "Searching for updates" $patches = Get-WSUSUpdate -update $update } Process { If ($patches) { ForEach ($patch in $patches) { Write-Verbose "Cancelling update download" If ($pscmdlet.ShouldProcess($($patch.title))) { $patch.CancelDownload() "$($patch.title) download has been cancelled." } } } Else { Write-Warning "No patches found that need downloading cancelled." } } } function Resume-WSUSUpdateDownload { <# .SYNOPSIS Resumes previously cancelled update download after approval. .DESCRIPTION Resumes previously cancelled update download after approval. .PARAMETER Update Name of cancelled update download to resume download. .NOTES Name: Resume-WSUSUpdateDownload Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Resume-WSUSUpdateDownload -update "KB965896" Description ----------- This command will resume the download of update KB956896 that was previously cancelled. #> [cmdletbinding( DefaultParameterSetName = 'update', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'update', ValueFromPipeline = $True)] [string]$Update ) Begin { #Gather all updates from given information Write-Verbose "Searching for updates" $patches = Get-WSUSUpdate -update $update } Process { If ($patches) { ForEach ($patch in $patches) { Write-Verbose "Resuming update download" If ($pscmdlet.ShouldProcess($($patch.title))) { $patch.ResumeDownload() "$($patch.title) download has been resumed." } } } Else { Write-Warning "No patches found needing to resume download!" } } } function Start-WSUSCleanup { <# .SYNOPSIS Performs a cleanup on WSUS based on user inputs. .DESCRIPTION Performs a cleanup on WSUS based on user inputs. .PARAMETER DeclineSupersededUpdates Declined Superseded Updates will be removed. .PARAMETER DeclineExpiredUpdates Expired updates should be declined. .PARAMETER CleanupObsoleteUpdates Delete obsolete updates from the database. .PARAMETER CompressUpdates Obsolete revisions to updates should be deleted from the database. .PARAMETER CleanupObsoleteComputers Delete obsolete computers from the database. .PARAMETER CleanupUnneededContentFiles Delete unneeded update files. .NOTES Name: Start-WSUSCleanup Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Start-WSUSCleanup -CompressUpdates -CleanupObsoleteComputers Description ----------- This command will run the WSUS cleanup wizard and delete obsolete computers from the database and delete obsolete update revisions from the database. .EXAMPLE Start-WSUSCleanup -CompressUpdates -CleanupObsoleteComputers -DeclineExpiredUpdates -CleanupObsoleteUpdates -CleanupUnneededContentFiles Description ----------- This command performs a full WSUS cleanup against the database. #> [cmdletbinding( DefaultParameterSetName = 'cleanup', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$DeclineSupersededUpdates, [Parameter( Mandatory = $False, Position = 1, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$DeclineExpiredUpdates, [Parameter( Mandatory = $False, Position = 2, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$CleanupObsoleteUpdates, [Parameter( Mandatory = $False, Position = 3, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$CompressUpdates, [Parameter( Mandatory = $False, Position = 4, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$CleanupObsoleteComputers, [Parameter( Mandatory = $False, Position = 5, ParameterSetName = 'cleanup', ValueFromPipeline = $False)] [switch]$CleanupUnneededContentFiles ) Begin { #Create cleanup scope $cleanScope = new-object Microsoft.UpdateServices.Administration.CleanupScope #Create cleanup manager object $cleanup = $wsus.GetCleanupManager() #Determine what will be in the scope If ($DeclineSupersededUpdates) { $cleanScope.DeclineSupersededUpdates = $True } If ($DeclineExpiredUpdates) { $cleanScope.DeclineExpiredUpdates = $True } If ($CleanupObsoleteUpdates) { $cleanScope.CleanupObsoleteUpdates = $True } If ($CompressUpdates) { $cleanScope.CompressUpdates = $True } If ($CleanupObsoleteComputers) { $cleanScope.CleanupObsoleteComputers = $True } If ($CleanupUnneededContentFiles) { $cleanScope.CleanupUnneededContentFiles = $True } } Process { Write-Host "Beginning cleanup" If ($pscmdlet.ShouldProcess($($wsus.name))) { $cleanup.PerformCleanup($cleanScope) } } } function Get-WSUSChildServers { <# .SYNOPSIS Retrieves all WSUS child servers. .DESCRIPTION Retrieves all WSUS child servers. .NOTES Name: Get-WSUSChildServers Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSChildServers Description ----------- This command will display all of the Child WSUS servers. #> [cmdletbinding()] Param () #Gather all child servers in WSUS $wsus.GetChildServers() } function Get-WSUSDownstreamServers { <# .SYNOPSIS Retrieves all WSUS downstream servers. .DESCRIPTION Retrieves all WSUS downstream servers. .NOTES Name: Get-WSUSDownstreamServers Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSDownstreamServers Description ----------- This command will display a list of all of the downstream WSUS servers. #> [cmdletbinding()] Param () #Gather all child servers in WSUS $wsus.GetDownstreamServers() } function Get-WSUSContentDownloadProgress { <# .SYNOPSIS Retrieves the progress of currently downloading updates. Displayed in bytes downloaded. .DESCRIPTION Retrieves the progress of currently downloading updates. Displayed in bytes downloaded. .PARAMETER Monitor Runs a background job to monitor currently running content download and notifies user when completed. .NOTES Name: Get-WSUSContentDownloadProgress Author: Boe Prox DateCreated: 24SEPT2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSContentDownloadProgress Description ----------- This command will display the current progress of the content download. .EXAMPLE Get-WSUSContentDownloadProgress -monitor Description ----------- This command will create a background job that will monitor the progress and alert the user via pop-up message that the download has been completed. #> [cmdletbinding()] Param ( [Parameter( Mandatory = $False, Position = 0, ParameterSetName = 'monitor', ValueFromPipeline = $False)] [switch]$Monitor ) If ($monitor) { #Stop and remove same jobs if existing $job = Get-Job If ($job) { $job = Get-Job -Name "WSUSSyncProgressMonitor" } If ($job) { Get-Job -Name "WSUSContentProgressMonitor" | Stop-Job Get-Job -Name "WSUSContentProgressMonitor" | Remove-Job } Start-Job -Name "WSUSContentProgressMonitor" -ArgumentList $wsus -ScriptBlock { Param ( $wsus ) #Load required assemblies for message window [void] [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”) $progress = $wsus.GetContentDownloadProgress() While ($progress.TotalBytesToDownload -ne $progress.DownloadedBytes) { $null } [System.Windows.Forms.MessageBox]::Show("Content download has been completed on WSUS",”Information”) } | Out-Null } Else { #Gather all child servers in WSUS $wsus.GetContentDownloadProgress() } } function Remove-WSUSClient { <# .SYNOPSIS Removes client from WSUS. .DESCRIPTION Removes client from WSUS. .PARAMETER Computer Name of the client to remove from WSUS. .PARAMETER InputObject Computer object that is being removed. .NOTES Name: Remove-WSUSClient Author: Boe Prox DateCreated: 12NOV2010 .LINK https://boeprox.wordpress.org .EXAMPLE Remove-WSUSClient -computer "server1" Description ----------- This command will remove 'server1' from WSUS. .EXAMPLE Get-WSUSClient -computer "server1" | Remove-WSUSClient Description ----------- This command will remove 'server1' from WSUS. .EXAMPLE Get-WSUSClient -computer "servers" | % {Remove-WSUSClient -inputobject $_} Description ----------- This command will remove multiple servers from WSUS. #> [cmdletbinding( DefaultParameterSetName = 'collection', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'string', ValueFromPipeline = $True)] [string]$Computer, [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'collection', ValueFromPipeline = $True)] [system.object] [ValidateNotNullOrEmpty()] $InputObject ) $ErrorActionPreference = 'continue' Switch ($pscmdlet.ParameterSetName) { "string" { Write-Verbose "String parameter" #Retrieve computer in WSUS Try { Write-Verbose "Searching for computer" $client = $wsus.SearchComputerTargets($computer) } Catch { Write-Error "Unable to retrieve $($computer) from database." } } "Collection" { Write-Verbose "Collection parameter" $client = $inputobject } } #Remove client from WSUS If ($pscmdlet.ShouldProcess($computer)) { Try { Write-Verbose "Removing computer from WSUS" $client | % -process {$_.Delete()} Write-Host -fore Green "$($Client.FullDomainName) removed from WSUS" } Catch { Write-Error "Unable to remove $($client.fulldomainname) from WSUS." } } } function Get-WSUSClientGroupMembership { <# .SYNOPSIS Lists all Target Groups that a client is a member of in WSUS. .DESCRIPTION Lists all Target Groups that a client is a member of in WSUS. .PARAMETER Computer Name of the client to check group membership. .PARAMETER InputObject Computer object being used to check group membership. .NOTES Name: Get-WSUSClientGroupMembership Author: Boe Prox DateCreated: 12NOV2010 .LINK https://boeprox.wordpress.org .EXAMPLE Get-WSUSClientGroupMembership -computer "server1" Description ----------- This command will retrieve the group membership/s of 'server1'. .EXAMPLE Get-WSUSClient -computer "server1" | Get-WSUSClientGroupMembership Description ----------- This command will retrieve the group membership/s of 'server1'. .EXAMPLE Get-WSUSClient -computer "servers" | % {Get-WSUSClientGroupMembership -inputobject $_} Description ----------- This command will retrieve the group membership/s of each server. #> [cmdletbinding( DefaultParameterSetName = 'collection', ConfirmImpact = 'low', SupportsShouldProcess = $True )] Param( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'string', ValueFromPipeline = $True)] [string]$Computer, [Parameter( Mandatory = $True, Position = 0, ParameterSetName = 'collection', ValueFromPipeline = $True)] [system.object] [ValidateNotNullOrEmpty()] $InputObject ) $ErrorActionPreference = 'continue' Switch ($pscmdlet.ParameterSetName) { "string" { Write-Verbose "String parameter" #Retrieve computer in WSUS Try { Write-Verbose "Searching for computer" $client = $wsus.SearchComputerTargets($computer) } Catch { Write-Error "Unable to retrieve $($computer) from database." } } "Collection" { Write-Verbose "Collection parameter" $client = $inputobject } } #List group membership of client $client | % -process {$_.GetComputerTargetGroups()} }
Trying to run this on my WSUS server (Server 2012 R2) and it won’t connect no matter what server name I give it…
Any thoughts! I am desperately trying to cancel some downloads that cause the WSUS MMC console to crash when I try to cancel the downloads there.
Is there any way to reset updates that have been approved to not approved using this? I’ve seen a blanket decline option but nothing that gives a “un-approve updates for group/collection B only”
Does anyone know how can I change the target group of results? I mean, all results that I obtaine with Posh WSUS , just showing for an specific group and I want all computers. I will really appreciate your help…
I have been using this module for years now and its a pretty neat and useful too. Thanks for your effort and time and sharing this.
Boe, I am trying to schedule a report that would show that same report for ‘Computer Tabular Status Report for Approved Updates’ but I can not seem to figure out as the result is always the same to just ”Computer Tabular Status Report”. When time permits, can you help check and let me know the right combination to get the right output? Thanks a lot!
Here is my code:
Import-Module “D:\PoshWSUS”
$WSUSServer = Connect-PoshWSUSServer -WsusServer “WSUSServer” -Port 8530
$Result = $Null; $Result = @()
$FQDNs = Get-PoshWSUSClientsInGroup -Name “Test Group” | % {$.FullDomainName}
Foreach ($FQDN in $FQDNs){
$ComputerScope = New-poshWSUSComputerScope -NameIncludes $FQDN.split(“.”)[0]
$UpdateScope = New-poshWSUSUpdateScope -ApprovedStates Any -UpdateApprovalActions Install -IncludedInstallationStates All
$Result += Get-PoshWSUSUpdateSummaryPerClient -ComputerScope $ComputerScope -UpdateScope $UpdateScope
}
$Result | Sort Computer | Select Computer,@{n=’Needed’;e={$.NeededCount}},InstalledCount,NotApplicableCount,
@{n='InstalledAndNotApplicable';e={$_.InstalledCount + $_.NotApplicableCount}},UnknownCount,FailedCount,
@{n=’PendingReboot’;e={$_.InstalledPendingRebootCount}},DownloadedCount,LastUpdated | ft -auto
An interesting and promising article for some broken WSUS systems I’m working with. Do you know where I can locate a copy of the module that contains these commands (wsusadmin-module.psm1) for WSUS 3.0 SP2? All references I can find point me to PoshWSUS, which has different commands and syntax.
Thanks!
Pingback: WSUS Administrator Module Aus der IT – Praxis…
I work at a datacenter and it works great for one of my customers but for another when I do connect-poshwsusserver computername I get error Unable to connect to computername!
I haven’t found any useful help articles online.
Are they using the same port with WSUS? If not you will need timo specify the different port using-Port.
Hello Boe,
I’m having the same issue. My server uses 8530/8531 and even when I specify these ports the message is the same “WARNING: Unbale to connect to …”
Thank oyu.
I had the same issue and found I had to add
before import-module…
Pingback: Installing and Configuring WSUS with Powershell | smsagent
Well done.
Could you tell me if there is any way to get wsus update with parametar of approval/decline date/time?
Thank you
Loved it. Very useful.Thanks!
Pingback: PoshWSUS on Codeplex | Server Ninjas
Hi,
very nice and useful module ! excellent job 🙂
quick idea/suggestion if you are interested in…
Could be useful to check the approval status per KB to know in which WSUS groups the KB has been approved or not…
let me know your thoughts
Cheers,
Michael
Some problems with ”
Get-Wsusclientgroupmembership -Computer “$servername” ”
If the servename is identical with some characters you get to much information/groups from all server.
Example:
Servername is a)serverastest and b)serverastest2.msds.insite
$servername=serverastest
First you get all information for both server.
If you set $servername=servertest2.msds.insite you got only the information about this server.
I think the function doesn’t search the servername. The function works with wildcards as a string and not with the correct servername…
Can you help me for a better version, please.
I will add this to my list of things to do for the module and see what I can do about this. Thanks!
Pingback: WSUS and Powershell « The Wonders Never Cease
Pingback: Some cool PowerShell modules | Dalle & DXter
Pingback: Episode 133 – Shane Hoey in Australia is Paging Dr. Scripto « PowerScripting Podcast
Truly amazing site ! Have a look at it !
I’d recommend splitting this module up into different source files. The main module file could be the “installer” for it, referencing the “real” source files using dot-sourcing.
I used this method in the current module I’m working on, and it works great. Besides making module maintenance easier, it also adds a level of professionalism to the module, rather than sticking everything inside a single file.
Cheers,
Trevor Sullivan (@pcgeek86)
Interesting. I will definitely look into that for the next version. Thanks for the good information!
I’d also suggest publishing it on CodePlex :]
Wow looks promising, I will definitely give it a try.